Microsoft has a new Security Advisory : Microsoft Security Advisory (961040)
Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue.
Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory. Our investigation of this exploit code has verified that it does not affect systems that have had the workarounds listed below applied. Currently, Microsoft is not aware of active attacks that use this exploit code or of customer impact at this time
Please refer to the following link for more information.